
Re: Using state and routing inbound traffic



On Fri, August 5, 2005 12:30 pm, Karl O. Pinc said:
> Hi,
>
> I want to route all inbound WAN traffic to a loopback
> interface so I can try some queueing on inbound traffic
> (to see if I can trade bandwidth for latency).
> But I'm not sure there's a way to do this
> in conjunction with stateful firewalling.
>
> Seems like:
>
> pass in on $internal_if from any to any port http keep state
> pass out on $external_if from any to any port http \
>       route-to lo1 keep state
>
> is going to route the outbound traffic on $external_if
> whereas what I want is to route the returning
> inbound traffic.  Right?  Is there a way to route inbound
> traffic to a loopback address so I can play around
> with queueing inbound traffic?
>
> Thanks.

Ok, three things:

First off, to do what you ask you need to change that last line to:

pass in on $external_if from any to any port http \
      route-to lo1 keep state

Second: You can quite easily apply queueing directly to the inbound
traffic on $external_if if you want.  It's just another interface.

Third: Doing so (or doing this) won't help you.  By the time the packets
have reached you it no longer matters what queues you set up for them.

Think of it this way: Queueing says 'If you need to drop packets, drop
these packets before those packets.'  That's all it says.  And the simple
fact is that by the time the packets have reached your external interface
*no more packets need to be dropped.*  This is because the only reason to
drop them is because you couldn't fit them on the connection, and you have
only received the ones that *would* fit.

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------